Why is this referred to as 'cross-site' scripting a lot, there's only one site involved?
Six hours to fix an XSS flaw?
I call bullshit - I think all their engineers were asleep from 2am to 7am.
'Fix' is a stretch
I noticed this morning that the pop-up profile box is missing from hovering @names in tweets, so I guess they just removed all JS stuff like for a little while until they sort it properly.
I think there were some malicious variants. Some definitely attempted to compile information via DMs.
In what way was it an "attack"?
There was no signal to disrupt with the noise.
I'm sure there were some engineers on shift, but anyone with a high enough pay grade to actually make a decision about deploying a fix would be either snoozing or too busy trying to figure out how to actually make some money off of Twitter.
"creating hundreds of thousands of spam message in the process"
Isn't that business as usual for Twitter?
What's the issue?
Personally, I'd prefer watching a Rick Astley video to reading people's random inane spews on Twitter.
Twitter execs to engineers: "Way to go XSS holes!" ;)